All Articles

755 articles:

US Charges Chinese PLA Members in Equifax Breach

The Department of Justice indicted four members of China's People's Liberation Army in connection with the Equifax data breach in 2017.

China, Apache

Serious Bluetooth Flaw Fixed in Android Update

Google has patched a critical Bluetooth flaw in Android that could give an attacker control of a vulnerable device without any user interaction.

Android, Google

Malware Backdoor Campaign Targets Financial Services

An attack campaign has targeted financial services using a new type of backdoor since early January, FireEye said.

Backdoors, Malware, Financial Institutions

Cisco Fixes CDP Flaws in Routers, Switches

Cisco has patched five serious vulnerabilities that affect routers, switches, and IP phones and cameras with the Cisco Discovery Protocol enabled.

Cisco

Web Shell Attacks Continue to Cause Problems

Web shell attacks have been on the rise in recent months, as many APT groups employ them against enterprises.

Microsoft

Maybe FCC Will Punish Mobile Carriers That Sold Location Data

While FCC chairman Ajit Pai said at least one wireless carrier sold location data in violation of federal law, it is far from clear whether the offending entity will face any penalties.

Government, Privacy, Geolocation

Sudo Flaw Grants Root Privileges

A flaw in the sudo utility could allow a local user to gain root privileges if the pwfeedback option is enabled.

Linux

Make It Harder to Phish One-Time Passcodes Sent Over SMS

A proposal that would standardize the format of SMS messages being used in two-factor authentication schemes has a simple goal: make users relying on those one-time passcodes less susceptible to phishing attacks.

SMS, SMS 2FA, 2 Factor Authentication, 2FA, Browser Security, Phishing

For Whom the Bill Tolls: Encryption

A proposed bill by Sen. Lindsey Graham to prevent online child exploitation imagery could have a disastrous effect on end-to-end encryption.

Government, Encryption

The Growing Overlap of Disinformation and Security

Disinformation campaigns and cyber operations are intersecting more and more often, as actors become more sophisticated in their use of both tactics.

Disinformation

Enterprise Laptops Still Vulnerable to Memory Attacks

Attackers can exploit vulnerabilities in how laptops use memory to force the machine to execute unauthorized code while it is booting up, giving them unauthorized privileges and access to information, researchers said.

Hardware

Mozilla, Google Crack Down on Malicious Browser Extensions

Google and Mozilla over the past few weeks have taken steps to remove problematic extensions and add-ons that steal user data and execute remote code.

Browser Security

New CacheOut Attack Impacts Latest Intel Chips

Researchers have identified yet another speculative execution attack method against Intel processors.

Hardware, Intel, Spectre

Better Privacy Through Collaboration

Improving online privacy for users will require a mix of technical, legislative, and regulatory approaches.

Privacy

Interpol Arrests Possible Magecart Attackers in Indonesia

Three people arrested in Indonesia for using web skimmers to steal payment card details from websites may be linked to one of the groups operating under the Magecart umbrella.

Magecart